Skip to content

Teleport 6.2.31
Compare
Choose a tag to compare
@r0mant r0mant released this 03 Mar 01:42
· 15822 commits to master since this release
v6.2.31
1729a7e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Description

This release of Teleport contains a security fix and an improvement.

Trusted Clusters security fix

An attacker in possession of a valid Trusted Cluster join token could inject a
malicious CA into a Teleport cluster that would allow them to bypass root
cluster authorization and potentially connect to any node within the root
cluster.

For customers using Trusted Clusters, we recommend upgrading to one of the
patched releases listed below then revoking and rotating all Trusted Cluster
tokens. As a best practice, make sure that Trusted Cluster tokens have short
time-to-live and ideally are removed after being used once.

Other fixes

  • Introduce cert.create audit event. #10226

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Assets 2
Loading